2.2.6.5.1 A-SQM Rule Header

The A-SQM rule header describes the rule.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

RuleLength

RuleIdentifier

RuleEvaluationFlag

RuleType

RuleCallbackValue

RuleAction

RuleExpirationTime

RuleLength (4 bytes): A 32-bit unsigned integer specifying the length of the rule (all inclusive), in bytes.

RuleIdentifier (4 bytes): A 32-bit unsigned integer specifying the rule identifier. Each RuleIdentifier value MUST be unique within the manifest.

RuleEvaluationFlag (4 bytes): A 32-bit unsigned integer specifying the rule evaluation flag. Each AND clause (see section 2.2.6.5.2) MUST be represented by a single bit set to 0x1.

The bit value is not required to be monotonically increasing in position for each AND. Each bit MUST uniquely map to the AND Clause EvaluationFlag.

For example, a rule with 5 AND clauses could have the following RuleEvaluationFlag where A-E evaluate to 0x1.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

A

B

C

D

E

0x0

RuleType (4 bytes): A 32-bit unsigned integer specifying the rule type. This value MUST be specified from one of the following values:

Value

 Meaning

0x00000001

Callback rule type.

0x00000002

Report rule type.

RuleCallbackValue (4 bytes): A 32-bit unsigned integer specifying the value to make available to the SQM-enabled application when the rule evaluates to TRUE.

RuleAction (4 bytes): A 32-bit unsigned integer specifying the action that rule evaluations resulting in TRUE will generate. This value MUST be specified from one of the following values:

Value

 Meaning

0x00000001

The rule gives a callback to an application-defined function when triggered.

0x00000002

The rule escalates to a Windows Error Reporting (WER) report with a dump type of WerDumpTypeMiniDump, as described in [MSDN-WER].

0x00000004

The rule escalates to a Windows Error Reporting (WER) report with a dump type of WerDumpTypeMicroDump, as described in [MSDN-WER].

0x00000008

The rule escalates to a Windows Error Reporting (WER) report with a dump type of WerDumpTypeHeapDump, as described in [MSDN-WER].

RuleExpirationTime (8 bytes): A 64-bit FILETIME value specifying the time the rule expires. FILETIME is defined in [MS-RPCE] section 6.